Security News > 2022 > December > Leaked Signing Keys Are Being Used to Sign Malware
A bunch of Android OEM signing keys have been leaked or stolen, and they are actively being used to sign malware.
Ukasz Siewierski, a member of Google's Android Security Team, has a post on the Android Partner Vulnerability Initiative issue tracker detailing leaked platform certificate keys that are actively being used to sign malware.
The post is just a list of the keys, but running each one through APKMirror or Google's VirusTotal site will put names to some of the compromised keys: Samsung, LG, and Mediatek are the heavy hitters on the list of leaked keys, along with some smaller OEMs like Revoview and Szroco, which makes Walmart's Onn tablets.
The whole system of authentication rests on the assumption that signing keys are kept secret by the legitimate signers.
Samsung's compromised key is used for everything: Samsung Pay, Bixby, Samsung Account, the phone app, and a million other things you can find on the 101 pages of results for that key.
Some of the updates are from today, indicating Samsung has still not changed the key.